N.E.P.T.R

No

Firejail is a large SETUID binary which can (and has) aid in privilege escalation. It is recommended to avoid it for this reason.

See: https://madaidans-insecurities.github.io/linux.html#firejail

If you are relying on community sandboxing profiles and not making your own, i can understand why Firejail is interesting as a choice because of its large community.

If you are making your own, consider checking out Bubblewrap (available on most Linux systems), Bubblejail), Crablock, and Sydbox, which all use unprivileged sandboxes.

It really isnt any defense. All a website can do is initiate a download, websites are sandboxed by default. You still have to run the executable, which doesnt really apply to Linux because the file will have no executable permission.

This made me immediately think of how old American homes in the back of the mirror cabinet of the bathroom just had a slot that fed into the space between the drywall so you could through your razerblades away. Good luck to the renovators in 50 years when they need to remove that drywall and pick up a thousand rusty butterfly-style razerblades. Can’t throw those suckers in a plastic trashbag either cus it’ll cut right through.

I actually love that channel lol. A friend showed it to me a while ago and it is performance art (in the jerma985 sense).

Yeah okay.

My logic was that it is much more likely that someone will spoof there useragent already if they are on Linux. If threat actor is targeting not just Windows but also Linux, they probably would understand the very real likelyhood of platform spoofing.

That isnt a great defense against malware “imho”. Security through assuming the threat actor is lazy is just not security. It doesnt take like any effort on their part to just use some off-the-shelf OS fingerprinting code. It isnt worth it either because it contributes to your overall fingerprint, since normal RFP users have a standardized useragent for Windows and Linux separately.

Firstly there is no need to be condescending.

Secondly, do you block all JS? NoScript is not a silver bullet and doesnt stop fingerprinting, it is itself identified by the CreepJS test site. It may in this case reduce the chance of OS fingerprinting, but pure CSS methods exist as well.

Additionally, NoScript is laregly redundant with uBlock Origin since you can do everything that it offers, such as blocking 3rd party scripts/iframes/all, block fonts, block JS, and it is very granular.

Bottom line, you are fingerpintable.

It is trivial to identify OS platform because browser work differently on each platform. Wjat Librewolf does with useragent on Linux actually is makes users stand out more because it isn’t what privacy.resistFingerprinting (RFP) reports on normally.

Hackers (like the comment scenario i was responding to) are substantially more likely to employ platform fingerprint than trust a fale useragent. And loads general websites employ fingerprinting, meaning deviation from default RFP behaviour makes you stand out (more than you already do by using RFP since it is a small pool already).

You can lie, but that doesnt mean that a website cant still tell your base OS if they use JS platform fingerprinting. Arkenfox, the base config which Librewolf is based off of says the exact same thing. Go to CreepJS and see it get your platform regardless.

Except websites can tell what base OS you run using browser fingerprinting. It os impossible to lie aboit your OS because of the differences in platforms.

Look again. Reverse the numbers and you get 2102. Feel old yet? Look again.